Overnight Cybersecurity: Trump-linked data firm Cambridge Analytica attracts scrutiny | House passes cyber response team bill | What to know about Russian cyberattacks on energy grid

Overnight Cybersecurity: Trump-linked data firm Cambridge Analytica attracts scrutiny | House passes cyber response team bill | What to know about Russian cyberattacks on energy grid
© Getty

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORIES:

--TRUMP-LINKED DATA FIRM INVITES SCRUTINY: Cambridge Analytica is attracting massive scrutiny following reports from the New York Times and The Observer of London that the data mining firm obtained private data on 50 million Facebook users to fuel its operation. The firm, which has links to President TrumpDonald John TrumpCould Donald Trump and Boris Johnson be this generation's Reagan-Thatcher? Merkel backs Democratic congresswomen over Trump How China's currency manipulation cheats America on trade MORE's former chief strategist Steve BannonStephen (Steve) Kevin BannonRussian intel planted Seth Rich conspiracy theory: report Former Breitbart White House correspondent to join Trump administration Tillerson told lawmakers Kushner didn't alert him to Saudi meeting MORE and GOP megadonor Robert Mercer, was paid $5.9 million by the Trump campaign for data management services ahead of the 2016 presidential election. The firm is facing allegations that it obtained the data improperly, and the developments have prompted a new round of debate over data privacy. House intelligence Committee ranking member Adam SchiffAdam Bennett SchiffCourt filings show Trump, Cohen contacts amid hush money payments House passes annual intelligence bill Judge finds Stone violated gag order, blocks him from using social media MORE (D-Calif.) on Sunday said that Cambridge Analytica needs to testify before Congress on the developments, and the lawmaker has also sent a letter to the whistleblower who exposed the issue inviting him to testify. Cambridge Analytica vehemently pushed back on Monday. "This Facebook data was not used by Cambridge Analytica as part of the services it provided to the Donald Trump presidential campaign; personality targeted advertising was not carried out for this client either. The company has made this clear since 2016," it said in a statement. Facebook announced that it was suspending Cambridge Analytica from the platform late Friday, citing policy violations.

 

--NEW CRISIS FOR FACEBOOK: The developments have created a new headache for Facebook, with CEO Mark ZuckerbergMark Elliot ZuckerbergHillicon Valley: Trump seeks review of Pentagon cloud-computing contract | FTC weighs updating kids' internet privacy rules | Schumer calls for FaceApp probe | Report says states need more money to secure elections Maxine Waters says her committee will call in Zuckerberg to testify about Libra Hillicon Valley: Lawmakers struggle to understand Facebook's Libra project | EU hits Amazon with antitrust probe | New cybersecurity concerns over census | Robocall, election security bills head to House floor | Privacy questions over FaceApp MORE now facing calls to testify before Congress as renewed focus falls on the tech giant's privacy practices. Sens. Amy KlobucharAmy Jean KlobucharThe Hill's Morning Report: Trump walks back from 'send her back' chants Biden, Harris set for second Democratic debate showdown Poll: McConnell is most unpopular senator MORE (D-Minn.) and John KennedyJohn Neely KennedyMORE (R-La.) on Monday requested that the Senate Judiciary Committee call major tech CEOs to testify about how internet platforms oversee the use of consumer data for political advertising. While the request included several tech firms, it was clearly triggered by the report about Facebook data being used by Cambridge Analytica. "The lack of oversight on how data is stored and how political advertisements are sold raises concerns about the integrity of American elections as well as privacy rights," the senators wrote in a letter to Judiciary Chairman Chuck GrassleyCharles (Chuck) Ernest GrassleyScandal in Puerto Rico threatens chance at statehood Poll: McConnell is most unpopular senator Democrat: Treasury 'acknowledged the unprecedented process' in Trump tax return rejection MORE (R-Iowa). The data was reportedly given to Cambridge Analytica by a researcher who had developed an app that relied on Facebook's login feature. While only about 270,000 people handed over information through the app, Facebook at the time allowed developers to tap into the entire friend networks of users. That feature, according to the report, allowed the researcher to collect the data of more than 50 million people.

To read more from our coverage, click herehere and here.

Click here for five things to watch as the Cambridge Analytica story unfolds.

 

-- FACEBOOK SECURITY CHIEF LEAVING: Facebook's chief information security officer is stepping down after battling with other company officials on how to handle the spread of disinformation on the platform, The New York Times reported Monday.

Alex Stamos said that he would leave Facebook in December after his daily duties were assigned to other company staffers, but agreed to stay with the network until August to help with the transition.

He had advocated for Facebook to be transparent about the activity of Russians and other trolls on the platform, clashing with other executives, including chief operating officer Sheryl Sandberg, according to The Times.

Lawmakers have criticized Facebook and other tech giants for allegedly not doing enough to fight Russian influence on the 2016 election.

To read more, click here.

 

-- SESSIONS FIRES MCCABE FROM FBI: Attorney General Jeff SessionsJefferson (Jeff) Beauregard SessionsHouse gears up for Mueller testimony Trump's no racist — he's an equal opportunity offender Press: Acosta, latest to walk the plank MORE on Friday fired Andrew McCabeAndrew George McCabeMcCabe says it's 'absolutely' time to launch impeachment inquiry into Trump Feds gone wild: DOJ's stunning inability to prosecute its own bad actors Comey: Trump peddling 'dumb lies' MORE, the No. 2 official at the FBI and a longtime target of President Trump. McCabe's ouster comes just days before he was scheduled to retire on Sunday, after more than 20 years at the bureau. McCabe had already stepped down under pressure in January and has been on a leave of absence since. In a statement Friday evening, Sessions said that the FBI's Office of Professional Responsibility and Office of Inspector General (OIG) had found McCabe made an unauthorized disclosure to the news media and "lacked candor -- including under oath -- on multiple occasions." "Pursuant to Department Order 1202, and based on the report of the Inspector General, the findings of the FBI Office of Professional Responsibility, and the recommendation of the Department's senior career official, I have terminated the employment of Andrew McCabe effective immediately," Sessions said. McCabe quickly declared that his termination and Trump's needling against him were an effort to undermine special counsel Robert MuellerRobert (Bob) Swan MuellerTop Republican considered Mueller subpoena to box in Democrats Kamala Harris says her Justice Dept would have 'no choice' but to prosecute Trump for obstruction Dem committees win new powers to investigate Trump MORE's investigation, in which he could be a potential witness. "The idea that I was dishonest is just wrong," McCabe told The New York Times. "This is part of an effort to discredit me as a witness." McCabe's dismissal came at the recommendation of an internal FBI office that handles disciplinary matters. According to the Times, the recommendation was based on a finding from the Justice Department inspector general that McCabe was not forthcoming during the review, which includes an investigation into a decision he made in 2016 to allow FBI officials to speak with reporters about an investigation into the Clinton Foundation.  It is unclear why the inspector general, Michael Horowitz, chose to act on his findings regarding McCabe before closing the overall investigation into decisions made during the 2016 election. Horowitz has said publicly that he expects to issue his final report this spring. While the exact details of the allegations against McCabe remain unclear, the high-profile dismissal ignited a political firestorm in Washington, with an outpouring response from Democratic lawmakers and former top intelligence community leaders like former FBI Director James ComeyJames Brien ComeyFBI's spreadsheet puts a stake through the heart of Steele's dossier Hannity invites Ocasio-Cortez to join prime-time show for full hour The Hill's 12:30 Report: Acosta under fire over Epstein plea deal MORE and former CIA chief James Brennan in the days that followed.

To read the rest of our coverage, click here and here.

 

-- SENATE INTEL TO HOLD ELECTION SECURITY BRIEFING: The Senate Intelligence Committee has scheduled an open hearing on threats to U.S. election security on Wednesday morning, which comes as the 2018 midterm elections draws near. The committee announced Monday that the hearing will feature three separate panels to address the issue of election security with representatives from a range of agencies like the Department of Homeland Security (DHS), Election Assistance Commission, and National Association of Secretaries of State. DHS Secretary Kirstjen NielsenKirstjen Michele NielsenTrump quietly rolled back programs to detect, combat weapons of mass destruction: report Trump's family separation policy has taken US to 'lowest depth possible,' says former immigration lawyer Four heated moments from House hearing on conditions at border facilities MORE is scheduled to appear for the first panel alongside her Obama administration predecessor, former DHS Secretary Jeh Johnson. The hearing will explore how DHS is engaging states to prepare for the midterms, what the panel has learned about Russian interference in the 2016 presidential election, and how prepared states say they are to combat cyber threats, according to an advisory for the hearing. Election interference has increasingly gained attention as lawmakers and security experts raise concern over whether election systems across the country are properly secure to combat further meddling attempts. The Senate committee has been investigating Russian meddling in the presidential election for more than a year. One day before the hearing takes place, the committee is expected to release a public report on election security. The top Democrat on the committee, Sen. Mark WarnerMark Robert WarnerTop Democrats demand security assessment of Trump properties Senate passes bill making hacking voting systems a federal crime Senators unload on Facebook cryptocurrency at hearing MORE (D-Va.), has warned that Russians still seek to sow discord in U.S. affairs, pointing recently to their efforts to intensify divisions in the gun control debate following the Parkland school shooting in Florida. Chairman Richard BurrRichard Mauze BurrOvernight Health Care — Presented by PCMA — Sanders mounts staunch defense of 'Medicare for All' | Biden, Sanders fight over health care heats up | House votes to repeal ObamaCare 'Cadillac Tax' | Dems want details on fetal tissue research ban Top North Carolina newspapers editorial board to GOP: 'Are you OK with a racist president?' Hillicon Valley: Senate bill would force companies to disclose value of user data | Waters to hold hearing on Facebook cryptocurrency | GOP divided on election security bills | US tracking Russian, Iranian social media campaigns MORE (R-N.C.) and Warner have worked together in nearly perfect lockstep as they sought to examine the core consequences of Russian activity.

 

-- TRUMP BANS TRADE IN VENEZUELAN GOVERNMENT CRYPTOCURRENCY: President Trump on Monday imposed new sanctions against the Venezuelan government, banning U.S. citizens from dealing in the South American country's new cryptocurrency. An executive order bans "all transactions related to, provision of financing for, and other dealings in" any digital currency issued by or for the Venezuelan government. The sanctions targeting the petro -- the digital currency announced by Venezuelan President Nicolás Maduro in December -- have been in the works for weeks. Trump has consistently ratcheted up sanctions against Venezuela since his inauguration, and is reportedly considering directly targeting the country's oil industry.  Most of his sanctions have drawn bipartisan praise -- a reflection of Maduro's dim public image internationally -- but critics have warned that full economic sanctions could further hurt the Venezuelan people. Maduro in December explicitly touted the petro as a way to "overcome the financial blockade," making clear that his administration views the cryptocurrency as a way around the sanctions on many of its top leaders.

To read the rest of our piece, click here.

 

A FEW LEGISLATIVE UPDATES:

--HOUSE APPROPRIATORS PRESSED TO FUND DHS CYBER PROGRAM: Three lawmakers are pressing House appropriators to fully fund a key cybersecurity program at the Department of Homeland Security in funding legislation for the next fiscal year.

The program, called the Continuous Diagnostics and Mitigation (CDM) program, is part of the department's broader effort to keep federal networks secure from cyberattacks.

Reps. John RatcliffeJohn Lee RatcliffeRepublican lawmakers on why they haven't read Mueller report: 'Tedious' and 'what's the point?' Bipartisan Judiciary members request probe into gender discrimination allegations at FBI academy Hillicon Valley: Tim Cook visits White House | House hearing grapples with deepfake threat | Bill, Melinda Gates launch lobbying group | Tech turns to K-Street in antitrust fight | Lawsuit poses major threat to T-Mobile, Sprint merger MORE (R-Texas), Will HurdWilliam Ballard HurdAl Green says impeachment is 'only solution' to Trump's rhetoric Trump primary challenger Bill Weld responds to rally chants: 'We are in a fight for the soul of the GOP' Democratic strategist on Trump tweets: 'He's feeding this fear and hate' MORE (R-Texas) and Jim LangevinJames (Jim) R. LangevinOvernight Defense: Trump says he doesn't need exit strategy with Iran | McConnell open to vote on Iran war authorization | Senate panel advances bill to restrict emergency arms sales House passes bill to establish DHS cyber 'first responder' teams Hillicon Valley: Assange hit with 17 more charges | Facebook removes record 2.2B fake profiles | Senate passes anti-robocall bill | Senators offer bill to help companies remove Huawei equipment MORE (D-R.I.) wrote to the leaders of the House Appropriations Committee on Thursday asking that $237 million be allotted for the CDM program in fiscal 2019 appropriations legislation.

The request is on par with the $237.6 million proposed by the Trump administration in its 2019 budget blueprint for Homeland Security.

"The CDM program is of paramount importance because of its ability to provide the federal enterprise with the ability to monitor and assess the vulnerabilities and threats to its networks and systems in an ever-changing cyber threat landscape," the lawmakers, who are on the House Homeland Security Committee, wrote.

The Homeland Security Department launched the CDM program back in 2012 in order to better guard federal .gov networks against cyber threats. The department broke down the program into four different phases, the first of which focused on managing what software is on federal networks and identifying vulnerabilities.

To read the rest of our piece, click here.

 

--HOUSE PASSES BILL AUTHORIZING CYBER RESPONSE TEAMS: House lawmakers on Monday passed legislation that would codify into law the Department of Homeland Security's cyber incident response teams that help protect federal networks and critical infrastructure from cyberattacks.

Lawmakers passed the bill, sponsored by House Homeland Security Committee Chairman Michael McCaulMichael Thomas McCaulOvernight Defense: House votes to block Trump arms sales to Saudis, setting up likely veto | US officially kicks Turkey out of F-35 program | Pentagon sending 2,100 more troops to border House votes to block Trump's Saudi arms sale House panel advances bill to protect elections from foreign interference MORE (R-Texas), in a voice vote Monday afternoon.

The legislation would authorize the "cyber hunt and incident response teams" at Homeland Security to help owners and operators of critical infrastructure respond to cyberattacks as well as provide strategies for mitigating cybersecurity risks.

The bill would also allow Secretary of Homeland Security Kirstjen Nielsen to add cybersecurity specialists from the private sector to the response teams.

It would require that Homeland Security's National Cybersecurity and Communications Integration Center -- the office in which the response teams are housed -- continually evaluate the response teams and report to Congress on their efforts at the end of each fiscal year for four years after the bill becomes law.

The House Homeland Security Committee approved the bill earlier this month.

"My legislation before us today, codifies and enhances the cyber incident response teams at DHS," McCaul said in remarks on Monday.

"By fostering new collaboration between the government and private sector, we can harness our talent and maximize our efforts to stay one step ahead of our enemies," McCaul said. "This innovative approach serves as a force multiplier to enhance our cybersecurity workforce. Being able to utilize a greater number of experts will strengthen efforts to protect our cyber networks."

To read more from our piece, click here.

 

A REPORT IN FOCUS:

Chinese hackers have been targeting the U.S. maritime industry in spy operations since last summer, cybersecurity firm FireEye said Friday.

The hackers have stepped up their activity over the past two months, a development that's linked to a Chinese cyber espionage group dubbed "TEMP.Periscope" by FireEye that is also known as "Leviathan." While the group has been active since at least 2013, researchers said its activity dropped off for several years and only reemerged last summer.

The group has largely targeted maritime and engineering focused-entities in the United States, including research institutes, academic organizations and private companies. FireEye has also seen evidence of the group targeting organizations in Europe and Hong Kong.

The group's targets include those with links to the South China Sea, where tensions have run high as a result of territorial disputes. China has built artificial islands in the region in an attempt to extend its position in the area, despite multiple countries laying claim to territory in the South China Sea.

"We've really seen a big upswing in their activity in the last two months," said Ben Read, senior manager of cyber espionage analysis at FireEye. "They've been heavily targeting U.S. entities."

In 2015, the U.S. and China inked an agreement to deepen cooperation on confronting cyberattacks and stop supporting cyber-enabled intellectual property theft against firms within each others' borders.

While FireEye has not established a definitive connection to the Chinese government, Read observed that the hackers' targets suggest they may be working on behalf of the government in some capacity.

To read the rest of our coverage, click here.

 

A LIGHTER CLICK:

Email service calls White House staffer a 'password idiot' for leaving encrypted email account details at a D.C. bus stop. (The Hill)

 

WHAT'S IN THE SPOTLIGHT: 

RUSSIAN ENERGY GRID ATTACKS: Trump administration officials on Thursday accused the Russian government of staging a multi-year cyberattack campaign against the energy grid and other elements of critical infrastructure in the United States.

The alert from the Department of Homeland Security and the FBI coincided with the administration's decision to unveil new sanctions on Russia for 2016 election meddling and other cyber activities -- developments that are sure to ramp up tensions between the U.S. and Moscow.  

Here are five things to know about Russian cyberattacks against U.S. infrastructure.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

GOP chairman threatens subpoena for FBI records on Clinton probe. (The Hill)

Woman dies after being hit by self-driving Uber. (The Hill)

White House: No discussions about firing Mueller. (The Hill)

Kelly names Kushner ally deputy chief of staff. (The Hill)

Republicans warn against firing Mueller, yet little show of appetite to pass law protecting him. (CNN)

New DHS-backed center created to address election security. (CyberScoop)

Trump once planned to tap Gary Cohn to head the CIA. (Politico)

Russian outlets say Moscow's election commission came under cyberattack. (RT)

Why the Cambridge Analytica issue is not a data breach. (Motherboard)